Skip to main content
NetApp Stage KB

How does Trident handle CHAP Secrets when connecting to a SolidFire array

Views:
Visibility:
Public
Votes:
0
Category:
astra_trident
Specialty:
solidfire
Last Updated:

 

 

Applies to

Trident

Answer

When configuring CHAP for Trident to authenticate with a SolidFire array, the CHAP secrets come from the SolidFire Account.  CHAP is automatically defined when the Account is created. All volumes belonging to the account use the secrets which are configured in the Account. If the volume is not in any Volume Access Group (VAG), CHAP secrets are verified.

Trident sets up an iSCSI static discovery entry with CHAP information on the worker node where the pod is assigned. Then, completes the iSCSI login and mounts the volume so that the Pod can access the Persistent Volume.

A Container which needs access to the volume doesn’t mount the SolidFire Volume directly, the Host Client mounts the SolidFire Volume using standard iSCSI commands.

  • The SolidFire account name is the the Trident Tenant name.
  • The CHAP Secrets are automatically generated when an account is created.
  • Volumes created via Trident belong to the account.
  • Trident gets the CHAP secrets from the SolidFire cluster by using Element API calls when a trident volume is created.
    • Trident runs SolidFire Element APIs such as GetAccountByName to get account information using the credential set in the backend file

 

Create an Account example:

CreateAccount.png

Account Details example:

AccountDetails.png

 

When you create the backend file, set UseCHAP to true.

Example backend file:

{
    "version": 1,
    "storageDriverName": "solidfire-san",
    "Endpoint": "https://<user>:<password>@<mvip>/json-rpc/8.0",
    "SVIP": "<svip>:3260",
    "TenantName": "<tenant>",
    "labels": {"k8scluster": "dev1", "backend": "dev1-element-cluster"},
    "UseCHAP": true,
    "Types": [{"Type": "Bronze", "Qos": {"minIOPS": 1000, "maxIOPS": 2000, "burstIOPS": 4000}},
              {"Type": "Silver", "Qos": {"minIOPS": 4000, "maxIOPS": 6000, "burstIOPS": 8000}},
              {"Type": "Gold", "Qos": {"minIOPS": 6000, "maxIOPS": 8000, "burstIOPS": 10000}}]
}

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.